@vandenberghinc/volt 1.2.12 → 1.2.14

package/backend/dist/esm/backend/src/plugins/caddy/caddy.js

@@ -0,0 +1,592 @@
+// /**
+//  * @author Daan van den Bergh
+//  * @copyright © 2022 - 2026 Daan van den Bergh.
+//  */
+export {};
+// import { promises as fs } from "node:fs";
+// import { spawn } from "node:child_process";
+// import { platform } from "node:os";
+// import { createHash } from "node:crypto";
+// /**
+//  * Caddy reverse proxy setup utilities.
+//  *
+//  * Exposes an idempotent setup API for installing Caddy and writing validated configs.
+//  */
+// export namespace Caddy {
+//     /**
+//      * Represents a reverse proxy upstream configuration.
+//      */
+//     export interface ReverseProxyOpts {
+//         /** List of upstream targets (host:port). */
+//         readonly upstreams: readonly string[];
+//         /**
+//          * Optional reverse_proxy sub-directives expressed as a simple key/value map.
+//          *
+//          * Use this for widely-compatible configuration without forcing a massive typed surface.
+//          * Each entry is rendered as: `key value` inside the `reverse_proxy { ... }` block.
+//          *
+//          * Docs:
+//          * - reverse_proxy directive: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy
+//          * - reverse_proxy sub-directives: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#syntax
+//          *
+//          * @example
+//          * {Reverse proxy with health checks and header overrides}
+//          * Adds active health checks and forwards the original host and client IP information.
+//          * ```ts
+//          * const reverse_proxy: Caddy.ReverseProxyOpts = {
+//          *     upstreams: ["127.0.0.1:3000"],
+//          *     options: {
+//          *         health_uri: "/health",
+//          *         health_interval: "10s",
+//          *         health_timeout: "2s",
+//          *         lb_policy: "round_robin",
+//          *         header_up: "Host {host}",
+//          *     },
+//          * };
+//          * ```
+//          */
+//         readonly options?: Record<string, string | number | boolean>;
+//     }
+//     /**
+//      * A header operation in the `header` directive.
+//      *
+//      * Docs:
+//      * - header directive: https://caddyserver.com/docs/caddyfile/directives/header
+//      */
+//     export type HeaderOperation =
+//         | {
+//             /** Operation kind. */
+//             readonly kind: "set";
+//             /** Header field name. */
+//             readonly field: string;
+//             /** Header value. */
+//             readonly value: string;
+//         }
+//         | {
+//             /** Operation kind. */
+//             readonly kind: "add";
+//             /** Header field name. */
+//             readonly field: string;
+//             /** Header value. */
+//             readonly value: string;
+//         }
+//         | {
+//             /** Operation kind. */
+//             readonly kind: "delete";
+//             /** Header field name. */
+//             readonly field: string;
+//         };
+//     /**
+//      * Represents a structured `header` directive.
+//      *
+//      * This is rendered as:
+//      * `header [<matcher>] { ... }`
+//      *
+//      * Docs:
+//      * - header directive: https://caddyserver.com/docs/caddyfile/directives/header
+//      *
+//      * @example
+//      * {Set common security headers}
+//      * Adds HSTS and a few common hardening headers for all responses.
+//      * ```ts
+//      * const headers: Caddy.HeaderDirective = {
+//      *     directive: "header",
+//      *     operations: [
+//      *         { kind: "set", field: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains; preload" },
+//      *         { kind: "set", field: "X-Content-Type-Options", value: "nosniff" },
+//      *         { kind: "set", field: "X-Frame-Options", value: "DENY" },
+//      *         { kind: "set", field: "Referrer-Policy", value: "no-referrer" },
+//      *     ],
+//      * };
+//      * ```
+//      */
+//     export interface HeaderDirective {
+//         /** Discriminator for directive unions. */
+//         readonly directive: "header";
+//         /**
+//          * Optional Caddyfile request matcher token(s), e.g. `@api` or `@static`.
+//          *
+//          * If you need a complex matcher definition, use a raw string directive in `extra_directives`.
+//          */
+//         readonly matcher?: string;
+//         /** Header operations to apply. */
+//         readonly operations: readonly HeaderOperation[];
+//     }
+//     /**
+//      * Represents a structured `encode` directive.
+//      *
+//      * Docs:
+//      * - encode directive: https://caddyserver.com/docs/caddyfile/directives/encode
+//      *
+//      * @example
+//      * {Enable gzip and zstd compression}
+//      * Enables response compression where supported.
+//      * ```ts
+//      * const encode: Caddy.EncodeDirective = {
+//      *     directive: "encode",
+//      *     encodings: ["zstd", "gzip"],
+//      * };
+//      * ```
+//      */
+//     export interface EncodeDirective {
+//         /** Discriminator for directive unions. */
+//         readonly directive: "encode";
+//         /** List of encodings, e.g. `["zstd", "gzip"]`. */
+//         readonly encodings: readonly string[];
+//     }
+//     /**
+//      * Represents a structured `log` directive.
+//      *
+//      * Docs:
+//      * - log directive: https://caddyserver.com/docs/caddyfile/directives/log
+//      *
+//      * @example
+//      * {Write JSON access logs to a file}
+//      * Configures JSON formatted access logs written to a persistent file.
+//      * ```ts
+//      * const log: Caddy.LogDirective = {
+//      *     directive: "log",
+//      *     output: { kind: "file", path: "/var/log/caddy/access.json" },
+//      *     format: "json",
+//      * };
+//      * ```
+//      */
+//     export interface LogDirective {
+//         /** Discriminator for directive unions. */
+//         readonly directive: "log";
+//         /**
+//          * Optional Caddyfile request matcher token(s).
+//          *
+//          * If you need a complex matcher definition, use a raw string directive in `extra_directives`.
+//          */
+//         readonly matcher?: string;
+//         /**
+//          * Output configuration for logs.
+//          *
+//          * Note: This intentionally supports only the most common commercial-grade sinks
+//          * while keeping escape hatches via raw directives.
+//          */
+//         readonly output?: LogOutput;
+//         /** Log format name, e.g. `json` or `console`. */
+//         readonly format?: "json" | "console";
+//     }
+//     /**
+//      * Describes a log output sink.
+//      *
+//      * Docs:
+//      * - log output: https://caddyserver.com/docs/caddyfile/directives/log#output-modules
+//      */
+//     export type LogOutput =
+//         | {
+//             /** Output kind. */
+//             readonly kind: "file";
+//             /** File path for logs. */
+//             readonly path: string;
+//         }
+//         | {
+//             /** Output kind. */
+//             readonly kind: "stdout";
+//         }
+//         | {
+//             /** Output kind. */
+//             readonly kind: "stderr";
+//         };
+//     /**
+//      * Represents a structured `tls` directive for common use cases.
+//      *
+//      * Docs:
+//      * - tls directive: https://caddyserver.com/docs/caddyfile/directives/tls
+//      *
+//      * @example
+//      * {Use a DNS challenge issuer}
+//      * Configures TLS with a DNS provider module (requires the appropriate Caddy build).
+//      * ```ts
+//      * const tls: Caddy.TlsDirective = {
+//      *     directive: "tls",
+//      *     issuer: "dns",
+//      *     issuer_args: ["cloudflare", "{env.CLOUDFLARE_API_TOKEN}"],
+//      * };
+//      * ```
+//      */
+//     export interface TlsDirective {
+//         /** Discriminator for directive unions. */
+//         readonly directive: "tls";
+//         /**
+//          * Issuer module name, commonly `internal`, `acme`, or `dns`.
+//          *
+//          * For advanced TLS configuration, use raw directives.
+//          */
+//         readonly issuer?: "internal" | "acme" | "dns";
+//         /**
+//          * Optional issuer arguments.
+//          *
+//          * These are rendered as raw tokens after the issuer declaration.
+//          */
+//         readonly issuer_args?: readonly string[];
+//     }
+//     /**
+//      * A typed extra directive which can be rendered into a Caddyfile snippet.
+//      *
+//      * This provides common structured directives while keeping a raw string escape hatch.
+//      */
+//     export type ExtraDirective = string | HeaderDirective | EncodeDirective | LogDirective | TlsDirective;
+//     /**
+//      * Represents a single site served by Caddy.
+//      */
+//     export interface SiteOpts {
+//         /** Fully-qualified domain name. */
+//         readonly domain: string;
+//         /** Reverse proxy configuration. */
+//         readonly reverse_proxy: ReverseProxyOpts;
+//         /**
+//          * Optional extra Caddyfile directives added inside the site block.
+//          *
+//          * Supports both raw strings (fully flexible) and typed directive objects for common cases.
+//          *
+//          * Docs:
+//          * - Caddyfile directives overview: https://caddyserver.com/docs/caddyfile/directives
+//          *
+//          * @example
+//          * {Mix typed and raw directives}
+//          * Uses typed directives for common needs while falling back to raw Caddyfile lines when needed.
+//          * ```ts
+//          * const site: Caddy.SiteOpts = {
+//          *     domain: "example.com",
+//          *     reverse_proxy: { upstreams: ["127.0.0.1:3000"] },
+//          *     extra_directives: [
+//          *         { directive: "encode", encodings: ["zstd", "gzip"] },
+//          *         {
+//          *             directive: "header",
+//          *             operations: [
+//          *                 { kind: "set", field: "X-Frame-Options", value: "DENY" },
+//          *                 { kind: "set", field: "X-Content-Type-Options", value: "nosniff" },
+//          *             ],
+//          *         },
+//          *         // Raw escape hatch for anything not covered by types:
+//          *         "request_body { max_size 10MB }",
+//          *     ],
+//          * };
+//          * ```
+//          */
+//         readonly extra_directives?: readonly ExtraDirective[];
+//     }
+//     /**
+//      * Top-level Caddy configuration options.
+//      */
+//     export interface ConfigOpts {
+//         /** Destination path of the generated Caddy config file. */
+//         readonly config_path: string;
+//         /** List of sites to configure. */
+//         readonly sites: readonly SiteOpts[];
+//         /**
+//          * Optional global Caddyfile options written in the global options block `{ ... }`.
+//          *
+//          * Each entry is rendered as: `key value` within the global block.
+//          *
+//          * Docs:
+//          * - Global options block: https://caddyserver.com/docs/caddyfile/options
+//          * - Common global options: https://caddyserver.com/docs/caddyfile/options#global-options
+//          *
+//          * @example
+//          * {Set ACME email and enable debug logging globally}
+//          * Configures the email used for ACME registration and turns on debug mode.
+//          * ```ts
+//          * const config: Caddy.ConfigOpts = {
+//          *     config_path: "/etc/caddy/Caddyfile",
+//          *     global_options: {
+//          *         email: "ops@example.com",
+//          *         debug: true,
+//          *     },
+//          *     sites: [
+//          *         {
+//          *             domain: "example.com",
+//          *             reverse_proxy: { upstreams: ["127.0.0.1:3000"] },
+//          *         },
+//          *     ],
+//          * };
+//          * ```
+//          */
+//         readonly global_options?: Record<string, string | number | boolean>;
+//     }
+//     /**
+//      * Ensures that the Caddy binary is installed on the system.
+//      *
+//      * This function is idempotent and safe to run multiple times.
+//      *
+//      * @example
+//      * {Install Caddy if it is missing}
+//      * Ensures the `caddy` binary is available before writing configs.
+//      * ```ts
+//      * import { Caddy } from "./caddy_reverse_proxy_setup";
+//      *
+//      * await Caddy.ensure_installed();
+//      * ```
+//      */
+//     export async function ensure_installed(): Promise<void> {
+//         if (await is_caddy_available()) {
+//             return;
+//         }
+//         const current_platform: string = platform();
+//         // On Linux we install via the official Caddy apt repository (production-friendly).
+//         if (current_platform === "linux") {
+//             await install_caddy_linux();
+//             return;
+//         }
+//         throw new Error(`unsupported_platform: ${current_platform}`);
+//     }
+//     /**
+//      * Writes a Caddy configuration file in an idempotent manner.
+//      *
+//      * The file is only replaced if content has changed, then validated via `caddy validate`.
+//      *
+//      * @example
+//      * {Write and validate a reverse proxy configuration}
+//      * Generates a Caddyfile, writes it only if changed, and validates it.
+//      * ```ts
+//      * import { Caddy } from "./caddy_reverse_proxy_setup";
+//      *
+//      * await Caddy.write_config({
+//      *     config_path: "/etc/caddy/Caddyfile",
+//      *     global_options: { email: "ops@example.com" },
+//      *     sites: [
+//      *         {
+//      *             domain: "example.com",
+//      *             reverse_proxy: {
+//      *                 upstreams: ["127.0.0.1:3000"],
+//      *                 options: {
+//      *                     health_uri: "/health",
+//      *                     health_interval: "10s",
+//      *                 },
+//      *             },
+//      *             extra_directives: [
+//      *                 { directive: "encode", encodings: ["gzip", "zstd"] },
+//      *                 { directive: "log", output: { kind: "file", path: "/var/log/caddy/access.json" }, format: "json" },
+//      *                 {
+//      *                     directive: "header",
+//      *                     operations: [
+//      *                         { kind: "set", field: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains; preload" },
+//      *                         { kind: "set", field: "X-Content-Type-Options", value: "nosniff" },
+//      *                     ],
+//      *                 },
+//      *                 // Raw directive escape hatch:
+//      *                 "request_body { max_size 10MB }",
+//      *             ],
+//      *         },
+//      *     ],
+//      * });
+//      * ```
+//      */
+//     export async function write_config(opts: ConfigOpts): Promise<void> {
+//         const rendered_config: string = render_caddyfile(opts);
+//         await write_file_if_changed(opts.config_path, rendered_config);
+//         await validate_config(opts.config_path);
+//     }
+//     /**
+//      * Checks whether the caddy binary is available.
+//      */
+//     async function is_caddy_available(): Promise<boolean> {
+//         try {
+//             await exec("caddy", ["version"]);
+//             return true;
+//         } catch {
+//             return false;
+//         }
+//     }
+//     /**
+//      * Installs Caddy on Linux using official repositories.
+//      *
+//      * Note: This requires appropriate privileges (typically root).
+//      */
+//     async function install_caddy_linux(): Promise<void> {
+//         // Ensure apt can use HTTPS and has required keyring tooling.
+//         await exec("sh", [
+//             "-c",
+//             "apt-get update && apt-get install -y debian-keyring debian-archive-keyring apt-transport-https",
+//         ]);
+//         // Install the official Caddy signing key into the system keyrings.
+//         await exec("sh", [
+//             "-c",
+//             "curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable.gpg",
+//         ]);
+//         // Add the official Caddy stable repository.
+//         await exec("sh", [
+//             "-c",
+//             "curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list",
+//         ]);
+//         // Install Caddy.
+//         await exec("apt-get", ["update"]);
+//         await exec("apt-get", ["install", "-y", "caddy"]);
+//     }
+//     /**
+//      * Renders a Caddyfile from typed configuration.
+//      *
+//      * This keeps the surface area minimal while allowing users to pass raw directives
+//      * via `extra_directives` and reverse_proxy `options`.
+//      */
+//     function render_caddyfile(opts: ConfigOpts): string {
+//         const lines: string[] = [];
+//         // Global options block (e.g. email, acme_ca, servers, etc).
+//         if (opts.global_options) {
+//             lines.push("{");
+//             for (const [key, value] of Object.entries(opts.global_options)) {
+//                 lines.push(`  ${key} ${value}`);
+//             }
+//             lines.push("}");
+//             lines.push("");
+//         }
+//         // Each site gets its own server block.
+//         for (const site of opts.sites) {
+//             lines.push(`${site.domain} {`);
+//             // reverse_proxy is the core directive for proxying to an upstream app.
+//             lines.push(`  reverse_proxy ${site.reverse_proxy.upstreams.join(" ")} {`);
+//             // Sub-directives within reverse_proxy (health checks, header manipulation, lb policy, etc).
+//             if (site.reverse_proxy.options) {
+//                 for (const [key, value] of Object.entries(site.reverse_proxy.options)) {
+//                     lines.push(`    ${key} ${value}`);
+//                 }
+//             }
+//             lines.push("  }");
+//             // Extra directives: render typed objects safely, or pass through raw strings.
+//             if (site.extra_directives) {
+//                 for (const directive of site.extra_directives) {
+//                     for (const rendered_line of render_extra_directive(directive)) {
+//                         lines.push(`  ${rendered_line}`);
+//                     }
+//                 }
+//             }
+//             lines.push("}");
+//             lines.push("");
+//         }
+//         return lines.join("\n");
+//     }
+//     /**
+//      * Renders an extra directive into one or more Caddyfile lines.
+//      */
+//     function render_extra_directive(directive: ExtraDirective): readonly string[] {
+//         // Raw directives are passed through unchanged to preserve full Caddy compatibility.
+//         if (typeof directive === "string") {
+//             return directive.split("\n");
+//         }
+//         if (directive.directive === "encode") {
+//             return [`encode ${directive.encodings.join(" ")}`];
+//         }
+//         if (directive.directive === "tls") {
+//             // Keep TLS typed support intentionally narrow and escape-hatch friendly.
+//             const issuer_tokens: string[] = [];
+//             if (directive.issuer) {
+//                 issuer_tokens.push(directive.issuer);
+//             }
+//             if (directive.issuer_args) {
+//                 for (const arg of directive.issuer_args) {
+//                     issuer_tokens.push(arg);
+//                 }
+//             }
+//             if (issuer_tokens.length === 0) {
+//                 return ["tls"];
+//             }
+//             return [`tls ${issuer_tokens.join(" ")}`];
+//         }
+//         if (directive.directive === "log") {
+//             const lines: string[] = [];
+//             const matcher_prefix: string = directive.matcher ? ` ${directive.matcher}` : "";
+//             lines.push(`log${matcher_prefix} {`);
+//             if (directive.output) {
+//                 if (directive.output.kind === "file") {
+//                     lines.push(`  output file ${directive.output.path}`);
+//                 } else if (directive.output.kind === "stdout") {
+//                     lines.push("  output stdout");
+//                 } else if (directive.output.kind === "stderr") {
+//                     lines.push("  output stderr");
+//                 }
+//             }
+//             if (directive.format) {
+//                 lines.push(`  format ${directive.format}`);
+//             }
+//             lines.push("}");
+//             return lines;
+//         }
+//         if (directive.directive === "header") {
+//             const lines: string[] = [];
+//             const matcher_prefix: string = directive.matcher ? ` ${directive.matcher}` : "";
+//             lines.push(`header${matcher_prefix} {`);
+//             // Render each operation line in the most widely-compatible Caddyfile form.
+//             for (const op of directive.operations) {
+//                 if (op.kind === "set") {
+//                     lines.push(`  ${op.field} "${escape_header_value(op.value)}"`);
+//                     continue;
+//                 }
+//                 if (op.kind === "add") {
+//                     // In Caddyfile, repeated header fields effectively "add" values.
+//                     lines.push(`  +${op.field} "${escape_header_value(op.value)}"`);
+//                     continue;
+//                 }
+//                 if (op.kind === "delete") {
+//                     lines.push(`  -${op.field}`);
+//                     continue;
+//                 }
+//             }
+//             lines.push("}");
+//             return lines;
+//         }
+//         // Exhaustiveness guard: if a new directive is added to the union, TypeScript will flag this.
+//         // Returning raw empty would be unsafe; we throw to avoid silently misconfiguring production.
+//         throw new Error("unsupported_extra_directive");
+//     }
+//     /**
+//      * Escapes a header value for safe embedding into a quoted Caddyfile token.
+//      */
+//     function escape_header_value(value: string): string {
+//         // We only escape backslashes and double-quotes to keep the resulting Caddyfile valid.
+//         return value.replaceAll("\\", "\\\\").replaceAll("\"", "\\\"");
+//     }
+//     /**
+//      * Writes a file only if its content has changed.
+//      *
+//      * This makes the setup idempotent and reduces unnecessary disk writes/reloads.
+//      */
+//     async function write_file_if_changed(file_path: string, content: string): Promise<void> {
+//         const new_hash: string = hash_content(content);
+//         try {
+//             const existing: string = await fs.readFile(file_path, "utf8");
+//             const existing_hash: string = hash_content(existing);
+//             if (existing_hash === new_hash) {
+//                 return;
+//             }
+//         } catch {
+//             // File does not exist or is unreadable, proceed with write.
+//         }
+//         await fs.writeFile(file_path, content, { mode: 0o644 });
+//     }
+//     /**
+//      * Validates a Caddy configuration file.
+//      *
+//      * This catches invalid directives before the user attempts to reload/start Caddy.
+//      */
+//     async function validate_config(config_path: string): Promise<void> {
+//         await exec("caddy", ["validate", "--config", config_path]);
+//     }
+//     /**
+//      * Executes a system command safely.
+//      *
+//      * Uses inherited stdio so the user sees relevant output (useful for install/validate).
+//      */
+//     async function exec(command: string, args: readonly string[]): Promise<void> {
+//         await new Promise<void>((resolve, reject) => {
+//             const child = spawn(command, args, { stdio: "inherit" });
+//             child.on("error", reject);
+//             child.on("exit", (code: number | null) => {
+//                 if (code === 0) {
+//                     resolve();
+//                     return;
+//                 }
+//                 reject(new Error(`command_failed: ${command}`));
+//             });
+//         });
+//     }
+//     /**
+//      * Computes a stable hash for content comparison.
+//      */
+//     function hash_content(content: string): string {
+//         return createHash("sha256").update(content).digest("hex");
+//     }
+// }

package/backend/dist/esm/backend/src/server.js

@@ -609,6 +609,7 @@ export class Server {
                 content_type: this.get_content_type(favicon.extension()),
                 _is_static: true,
                 server: this,
+                cache: true,
             });
         }
         // Create status endpoint.
@@ -632,6 +633,7 @@ export class Server {
             params: {
                 key: "string",
             },
+            cache: false,
             callback: async (stream, params) => {
                 // Check key.
                 if (params.key !== status_key) {
@@ -699,6 +701,7 @@ export class Server {
             data: sitemap,
             content_type: "application/xml",
             _compress: false,
+            cache: true,
         });
     }
     // Create the robots.txt endpoint.
@@ -724,6 +727,7 @@ export class Server {
             content_type: "text/plain",
             data: robots,
             _compress: false,
+            cache: true,
         });
     }
     // Create admin endpoint.